Alan Cox wrote : > On Fri, Feb 27, 2004 at 07:43:20PM +0100, Matthias Saou wrote: > > Yes, mach parses source and patch tags, expands them and searches the > > current directory for a matching file name, then searches for an already > > downloaded file in the chroot, and if none are found, tries to download > > the file. > > Has mach added an sha sum to the source spec file so that the download > is known to be correct, otherwise this seems slightly umm dangerous ? One could add that inside the spec file after checking. But my point here was that copy/pasting a source tag to download it (i.e. with wget) was even more complicated than what mach is able to do. Now, in any case, if one wants checking to be done, it needs to be done "manually" with some reviewing, or something specific needs to be set up, for example checking the signature of the downloaded tarball from an asc file against a trusted key. Although this is important, it's beyond the point I was trying to make ;-) Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora Core release 1 (Yarrow) - Linux kernel 2.6.3-1.91 Load : 0.96 0.97 0.74
